Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
graphql-tools
Advanced tools
The graphql-tools package is a set of utilities that help in the development of GraphQL schemas and resolvers in JavaScript. It provides tools for schema stitching, schema delegation, and schema transformation, among other functionalities.
Schema Stitching
Schema stitching allows you to combine multiple GraphQL schemas into a single schema. This is useful for modularizing your GraphQL API and for integrating multiple services.
const { makeExecutableSchema, mergeSchemas } = require('graphql-tools');
const schemaA = makeExecutableSchema({ typeDefs: `type Query { hello: String }`, resolvers: { Query: { hello: () => 'Hello from schema A' } } });
const schemaB = makeExecutableSchema({ typeDefs: `type Query { world: String }`, resolvers: { Query: { world: () => 'World from schema B' } } });
const mergedSchema = mergeSchemas({ schemas: [schemaA, schemaB] });
Schema Delegation
Schema delegation allows you to forward a query from one schema to another. This is useful for creating a unified API that delegates parts of the query to different underlying services.
const { delegateToSchema } = require('graphql-tools');
const schemaA = makeExecutableSchema({ typeDefs: `type Query { hello: String }`, resolvers: { Query: { hello: () => 'Hello from schema A' } } });
const resolvers = {
Query: {
helloFromA: (parent, args, context, info) => delegateToSchema({ schema: schemaA, operation: 'query', fieldName: 'hello', context, info })
}
};
Schema Transformation
Schema transformation allows you to modify an existing schema. This can include renaming types, adding or removing fields, and other modifications. This is useful for adapting third-party schemas to fit your needs.
const { transformSchema, RenameTypes } = require('graphql-tools');
const schema = makeExecutableSchema({ typeDefs: `type Query { hello: String }`, resolvers: { Query: { hello: () => 'Hello' } } });
const transformedSchema = transformSchema(schema, [new RenameTypes(name => `New_${name}`)]);
Apollo Server is a community-maintained open-source GraphQL server that works with any GraphQL schema built with graphql-tools. It provides an easy way to set up a GraphQL server with features like schema stitching, schema delegation, and more. Compared to graphql-tools, Apollo Server is more focused on providing a complete server setup, including integrations with various data sources and middleware.
graphql-compose is a toolkit for generating complex GraphQL schemas in an easier and more readable way. It provides a set of utilities for schema creation, schema stitching, and schema transformation. Compared to graphql-tools, graphql-compose offers a more composable and functional approach to building GraphQL schemas.
This package allows you to use the GraphQL schema language to build your GraphQL.js schema, and also includes useful schema tools like per-type mocking.
The "Hello World" server which powers our client examples is a great place to start if you're looking for a minimal codebase powered by graphql-tools
.
When using graphql-tools
, you describe the schema as a GraphQL type language string:
const schema = `
type Author {
id: Int! # the ! means that every author object _must_ have an id
firstName: String
lastName: String
posts: [Post] # the list of Posts by this author
}
type Post {
id: Int!
title: String
author: Author
votes: Int
}
# the schema allows the following query:
type Query {
posts: [Post]
}
# this schema allows the following mutation:
type Mutation {
upvotePost (
postId: Int!
): Post
}
# we need to tell the server which types represent the root query
# and root mutation types. We call them RootQuery and RootMutation by convention.
schema {
query: Query
mutation: Mutation
}
`;
export default schema;
Then you define resolvers as a nested object that maps type and field names to resolver functions:
const resolverMap = {
Query: {
posts() {
return posts;
},
},
Mutation: {
upvotePost(_, { postId }) {
const post = find(posts, { id: postId });
if (!post) {
throw new Error(`Couldn't find post with id ${postId}`);
}
post.votes += 1;
return post;
},
},
Author: {
posts(author) {
return filter(posts, { authorId: author.id });
},
},
Post: {
author(post) {
return find(authors, { id: post.authorId });
},
},
};
export default resolverMap;
At the end, the schema and resolvers are combined using makeExecutableSchema
:
import schema from './data/schema.js';
import resolverMap from './data/resolvers';
import { makeExecutableSchema } from 'graphql-tools';
const executableSchema = makeExecutableSchema({
typeDefs: schema,
resolvers: resolverMap,
});
This example has the entire type definition in one string and all resolvers in one object, but you can combine types and resolvers from multiple files, as documented in the modularizing the schema section of the docs.
Contributions, issues and feature requests are very welcome. If you are using this package and fixed a bug for yourself, please consider submitting a PR!
FAQs
Useful tools to create and manipulate GraphQL schemas.
We found that graphql-tools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.